Hacking Identity: A Pen Tester's Guide to IAM - Jerod Brennen BSides Cleveland 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Hacking Identity: A Pen Tester's Guide to IAM
Jerod Brennen

@slandail

Know your opponent and know yourself. It held true for Sun Tzu 2500 years ago, and it holds true for pen testers today. A pen tester who has worked in a sec ops role has a distinct advantage, especially if that pen tester has a solid grasp of the good, the bad, and the ugly of identity and access management (IAM) in an enterprise setting. For red teams, this presentation will cover pen testing tips and tricks to circumvent weak or missing IAM controls. For blue teams, we'll also cover the steps you can take to shore up your IAM controls and catch pen testers in the act. Purple teaming, FTW!

By night, I'm a husband, father, writer, filmmaker, martial artist, musician, and gamer. I think it's fair to say that I've earned every gray hair in my beard, having spent my career fulfilling infosec roles in consulting, higher education, retail, and public utilities. I like to share what I've learned over the years with local and regional information security professional organizations, as well as attendees at larger information security conferences. In addition to writing articles like this one, I teach information security courses, both domestically and internationally. At the end of the day, I just want to help folks get one step closer to doing what they want to do securely.

